Security News

Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.

The bug-hunters at Checkpoint have laid claim to the discovery and reporting of two serious, and now patched, security flaws in Microsoft Azure. Among the fixes are security updates for iOS and macOS, the two major operating systems from Cook and Co. While there aren't any massive risks posed by the patched flaws, users and admins should look to get the patches in place before malware writers begin to take aim at them.

Apple's latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution. The fixes address vulnerabilities in Apple's Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV's operating system, tvOS - each rated high-severity.

Apple has just announced its latest round of security updates. There are plenty of critical holes patched in this raft of updates - so we strongly advise you to patch right away, before anyone figures out how to abuse these newly-documented holes for fun or profit.

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products. A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

Technology Apple designed for its Safari web browser to protect users from being tracked when they surf the web may actually do just the opposite, according to new research from Google. Google researchers have identified a number of security flaws in Safari's Intelligent Tracking Protection that allow people's browsing behavior to be tracked by third parties, according to a report published in the Financial Times Wednesday.

In spite of Apple having turned over the shooter's iCloud backups in the case of the Pensacola, Florida mass shooting last month, the US government has been raking it over the coals for supposedly not helping law enforcement in investigations. Specifically, according to six sources - Reuters relied on the input of one current and three former FBI officials and one current and one former Apple employee - a few years ago, Apple, under pressure from the FBI, backed off of plans to let iPhones users have end-to-end encryption on their iCloud backups.

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. In December, KrebsOnSecurity pointed out the new iPhone 11 line queries the user's location even when all applications and system services are individually set never to request this data.

Two years ago, Apple abandoned its plan to encrypt iPhone backups in the iCloud in such a way that makes it impossible for it to decrypt the contents, a Reuters report claimed on Tuesday. Based on information received by multiple unnamed FBI and Apple sources, the report says that the decision was made after Apple shared its plan for end-to-end encrypted iCloud backups with the FBI and the FBI objected to it.